Remote Code Execution Vulnerability in Request a Quote Form Plugin for WordPress
CVE-2025-8420

8.1HIGH

Key Information:

Vendor: WordPress
Status: Request A Quote Form Plugin – Price Quote Request Management Made Easy
Vendor: CVE Published:; 6 August 2025

What is CVE-2025-8420?

An issue has been identified in the Request a Quote Form plugin for WordPress, where improper validation of user input in the emd_form_builder_lite_pagenum function allows for Remote Code Execution. This vulnerability can be exploited by unauthenticated attackers to execute arbitrary code on the server, despite the inability to pass parameters to the invoked functions. Affected users are advised to upgrade to version 2.5.3 or later to mitigate potential risks.

Affected Version(s)

Request a Quote Form Plugin – Price Quote Request Management Made Easy * <= 2.5.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
Jul 31, 2025

Credit

Michael Mazzolini